It said it never gave others access to personal data without people's permission and had seen no evidence that the data had been misused.

However, it has acknowledged again that it should have prevented third parties being able to tap into users' data, after publicly announcing that it had ended the privilege for security reasons.

Examples given by the NYT include allowing others' products the ability to read users' private messages and to see the names, contact details and activities of their friends.

Facebook's handling of the matter has drawn criticism, including tweets from its own former chief security officer Alex Stamos, who has called on it to disclose more details about what special access it provided to whom.

This isn't a good response from Facebook to the NY Times story, because it makes the same mistake of blending all kinds of different integrations and models into a bunch of prose and it is very hard to match up the responses to the Times' claims.https://t.co/rrnWylOBMp

The latest revelations follow a series of scandals including the Cambridge Analytica data harvest, incitement to violence in Myanmar, also known as Burma, evidence of Russian and Iranian meddling in the US elections, and several data-exposing bugs.

These have undermined public confidence in Facebook, led to calls for new regulations and prompted demands for a leadership rethink.

"We have to seriously challenge the claim by Facebook that they are not selling user data," commented Damian Collins MP, chair of the UK Parliament's Digital, Culture, Media and Sport Committee.

"They may not be letting people take it away by the bucket load, but they do reward companies with access to data that others are denied, if they place a high value on the business they do together. This is just another form of selling."

The Irish Data Protection Commission, which takes the lead on Facebook in the EU, has issued a brief statement: "We are aware of the media reporting from earlier today. We are currently assessing what next steps, if any, are required."

Analysis: Dave Lee, North America technology reporter

Image copyrightGetty ImagesImage caption
Some believe Mark Zuckerberg should allow someone else to be appointed Facebook's chairman or chairwoman

Facebook, as ever, thinks it's being unfairly picked on. Indeed, as recently as this week, former security boss Alex Stamos described the Cambridge Analytica scandal as an overreaction.

With its statement on Wednesday, Facebook took the same tone it has since this whole mess began in March: users gave consent, everybody knew, nothing to see here.

But what Facebook underestimates, continually, is the extent to which this year has produced a "data-awakening" among the general public, and how now is the time for the company to lay it all out on the table.

If I was a Facebook employee, or shareholder, I'd be telling Mark Zuckerberg: "It's time to be completely open about who has or had access to data."

That's the only way to stop 2019 being like 2018: a drip-drip of headlines that have eroded Facebook's reputation, perhaps irreparably.

Who got what?

The NYT bases its analysis on hundreds of pages of documents and dozens of interviews, the full details of which it has not shared.

In total, it said the social network had special arrangements with more than 150 companies to share its members' personal data. Most of these, it said, were other tech firms, but the list also included online retailers, car-makers and media organisations, including the NYT itself, among others.

Of the examples given it reported:

Microsoft's Bing search engine was able to see the names of "virtually all" Facebook users' friends without those friends' consent in order to personalise the results it showed

The music-streaming service Pandora and film review platform Rotten Tomatoes also had access to friends' information in order to customise their results

Apple devices could access the contact numbers and calendar entries of users even if they had disabled all sharing in their Facebook settings. Moreover, it said Apple's devices did not need to alert users to the fact they were seeking data from Facebook

Netflix, Spotify and the Royal Bank of Canada were able to read, write and delete users' private messages and see all participants on a chat thread

Russian search provider Yandex was allowed to index users' identities from public pages and posts to improve its search results after Facebook stopped other applicants from continuing the activity

It said the arrangement made it possible for other companies to do things like consolidate posts from Facebook, Twitter and other social media providers in a single app, or provide alerts from a range of services via a web browser.

Image copyrightFacebookImage caption
Facebook says that the integration partnerships allowed the BlackBerry Hub and other similar services to be possible

But it noted that to do this, its members had to have signed into their Facebook accounts to give permission. It added that "nearly all" of these partnerships had been shut down in recent months.

Facebook refers to the second type of arrangements as being "instant personalisation".

It said these allowed other apps to see Facebook's private messages so that, for example you could send a song recommendation to a friend without having to leave Spotify's app.

The facility also ensured that if you deleted a message within a third-party app, it was also deleted in Facebook.

What have the other firms said?

The BBC understands it ended its Bing contract with Facebook in February 2016, and the social network's data stopped appearing in its search results at that point.

Netflix has said that it stopped taking advantage of its ability to recommend content to members' Facebook friends in 2015 as the service had not been popular.

Image copyrightFacebookImage caption
Netflix used to let users send messages to Facebook friends from within its service

"At no time did we access people's private messages on Facebook or ask for the ability to do so," it added.

Spotify had indicated it was unaware of the degree of access Facebook had provided to it. Apple has also said that it was also not aware of its devices being granted special access.

Yahoo said it only tapped into Facebook's data once users had opted in, and did not do so for advertising purposes.

Yandex has said its arrangement was limited to users in Russia, Turkey, Ukraine, Belarus, Kazakhstan and other Commonwealth of Independent States (CIS) countries, and added that it stopped receiving Facebook's data in 2015.

Amazon said it only used Facebook's information "in accordance with our privacy policy".

Why does this matter?

Part of the issue is that Facebook promised a US regulator - the Federal Trade Commission (FTC) - in 2011 that it would not share user data without explicit consent.

Facebook insists it has not breached that pledge, but some privacy experts suggest otherwise.

Furthermore, despite Facebook executives claiming to have been transparent over the years about the firm's privacy policy shifts, campaign groups suggest new laws are needed to restrict its activities.

"Time and again Facebook has been unable to clearly and in plain language explain to people how the company is collecting, storing, sharing, and retaining people's data," a spokeswoman for Privacy International told the BBC.

"The sheer scope of the Facebook scandals in 2018 alone is mind-boggling and shows that data exploitation is a rampant and systemic."

The other risk is that the more negative stories there are in the press, the more likely users are to quit Facebook and its other apps - including Instagram and WhatsApp - or at least stop sharing personal information with them.

WONT USE GOOGLE,GETTING RID OF FACEBOOK ACCOUNT I DIDNT KNOW I HAD.WOULD GET RID OF TWITTER IF IT WASN’T 4 ❤️ OF YOU.THESE COMPANIES HAVE NO ALLEGIANCE TO,OR ❤️OF ANYTHING BUT MONEY💰💰. THEY MIGHT AS WELL BE CONSPIRING WITH RUSSIA TO DESTROY OUR DEMOCRACY.WHERES❤️OF 🇺🇸

1/ Some personal news: I've decided to quit Facebook around the end of the year. I am doing this - after being on Facebook for nearly 12 years - because my own values and the policies and actions of Facebook have diverged to the point where I’m no longer comfortable there.